
The following rules were working for IPv4 addresses in iptables, but using the same rules in ip6tables is not working. Currently all IPv6 addresses are being blocked. This rule set should allow HTTPS access from the single IP 2500:1017:b91a:97e5:53e8:7700:b09b:b93

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp      any    any     anywhere             anywhere             tcp dpt:ssh
    0     0 ACCEPT     all      lo     any     anywhere             anywhere            
    0     0 ACCEPT     all      any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    0     0 DROP       tcp      any    any     anywhere             anywhere             tcp dpt:http
    0     0 ACCEPT     tcp      any    any     2500:1017:b91a:97e5:53e8:7700:b09b:b93  anywhere             tcp dpt:https
    0     0 DROP       tcp      any    any     anywhere             anywhere             tcp dpt:https

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination    

Edit:

I have been playing around with this, and iptables -A INPUT -p tcp --dport 443 -j DROP in iptables is also affecting IP6 connections. From what I have read, I thought iptables would only affect IP4 connections.

Kline
  • That ruleset looks right. What is the problem you are having? – Michael Hampton Feb 09 '17 at 18:25
  • So imagine the same ruleset in iptables but with the single IP line commented out. With both rulesets active, the single IP is blocked. I have been allowing access to IP4 addresses in the same way via iptables OK, but can only seem to get access from an IP6 address if I remove the block in iptables, which doesn't make sense as that should only affect IP4 addresses. Whatever I do, ip6tables just seems to be ignored, although I haven't tested any other rules. – Kline Feb 10 '17 at 00:57
  • Where are your rules to allow ICMP?! IPv6 will not work properly without this. – Michael Hampton Feb 10 '17 at 00:59
  • Where does that need to go, ip6tables or iptables? – Kline Feb 10 '17 at 01:44
  • Well, is it IPv4 or IPv6? – Michael Hampton Feb 10 '17 at 01:47
  • I've added the following to both and no luck. # # Ping from inside to outside # iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT # # Ping from outside to inside # iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT – Kline Feb 10 '17 at 10:40
  • Of course not. That only allows pings. – Michael Hampton Feb 10 '17 at 15:25
  • OK, that was my fault for not reading about ICMP properly, but I still don't know what you mean. How am I supposed to allow ICMP for IPv6? I honestly don't want to spend days reading up on this stuff just to do a quick fix; it's not something I have to go near very often. – Kline Feb 11 '17 at 01:18
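
The ICMP point raised in the comments matters because IPv6 uses ICMPv6 for neighbour discovery. As an added example (not code from this thread), the Python sketch below walks a chain in `ip6tables -S` form and reports the verdict each neighbour discovery type would get; the rule text is reconstructed from the listing in the question, and the matching model and the `ND_ACCEPT` rules are assumptions of the example.

```python
import shlex

# Neighbour discovery types (RFC 4861), keyed by ICMPv6 type number.
ND_TYPES = {"134": "router-advertisement", "135": "neighbour-solicitation",
            "136": "neighbour-advertisement"}

def rule_matches(opts, nd_type):
    """Simplified model (assumption): the ND packet arrives on a non-loopback
    interface, is not RELATED/ESTABLISHED, and address-limited rules never match."""
    if opts.get("-i") == "lo" or {"-s", "-d", "--state", "--ctstate"} & opts.keys():
        return False
    if opts.get("-p", "all") not in ("ipv6-icmp", "icmpv6", "58", "all"):
        return False
    wanted = opts.get("--icmpv6-type")
    return wanted is None or wanted in (nd_type, ND_TYPES[nd_type])

def nd_verdicts(rules_text, chain="INPUT"):
    """Verdict per ND type for `ip6tables -S` style text; first match wins."""
    policy, rules = "ACCEPT", []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", chain]:
            policy = tok[2]
        elif tok[:2] == ["-A", chain]:
            opts, args = {}, tok[2:]
            for i, t in enumerate(args):  # pair each option with its value
                if t.startswith("-"):
                    nxt = args[i + 1] if i + 1 < len(args) else ""
                    opts[t] = "" if nxt.startswith("-") else nxt
            rules.append(opts)
    return {name: next((r["-j"] for r in rules
                        if r.get("-j") in ("ACCEPT", "DROP", "REJECT")
                        and rule_matches(r, num)), policy)
            for num, name in ND_TYPES.items()}

# Constructed: the INPUT chain listed in the question, rewritten in -S form.
PAGE_RULES = """\
-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
-A INPUT -s 2500:1017:b91a:97e5:53e8:7700:b09b:b93/128 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j DROP
"""
# Constructed: one ACCEPT per neighbour discovery type, appended to the chain.
ND_ACCEPT = "".join(f"-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type {n} -j ACCEPT\n" for n in ND_TYPES)

if __name__ == "__main__":
    print(nd_verdicts(PAGE_RULES), nd_verdicts(PAGE_RULES + ND_ACCEPT))
```

Neighbour discovery is only part of the ICMPv6 traffic that RFC 4890 says should not be dropped; error types such as packet-too-big belong in the same review.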

0 Answers